Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-51775

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-03 Aug, 2025 | 10:13
Updated At-04 Nov, 2025 | 21:09
Rejected At-
Credits

Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:03 Aug, 2025 | 10:13
Updated At:04 Nov, 2025 | 21:09
Rejected At:
▼CVE Numbering Authority (CNA)
Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Zeppelin
Collection URL
https://repo.maven.apache.org/maven2
Package Name
org.apache.zeppelin:zeppelin-shell
Default Status
unaffected
Versions
Affected
  • From 0.11.1 before 0.12.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-1385CWE-1385 Missing Origin Validation in WebSockets
Type: CWE
CWE ID: CWE-1385
Description: CWE-1385 Missing Origin Validation in WebSockets
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
moderate
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Calum Hutton
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/apache/zeppelin/pull/4823
patch
Hyperlink: https://github.com/apache/zeppelin/pull/4823
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2025/08/03/5
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/08/03/5
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:03 Aug, 2025 | 11:15
Updated At:04 Nov, 2025 | 22:16

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches

The Apache Software Foundation
apache
>>zeppelin>>Versions from 0.11.0(inclusive) to 0.12.0(exclusive)
cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1385Secondarysecurity@apache.org
CWE ID: CWE-1385
Type: Secondary
Source: security@apache.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/apache/zeppelin/pull/4823security@apache.org
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/08/03/5af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/apache/zeppelin/pull/4823
Source: security@apache.org
Resource:
Issue Tracking
Hyperlink: http://www.openwall.com/lists/oss-security/2025/08/03/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

225Records found

CVE-2023-44313
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.6||HIGH
EPSS-3.46% / 87.59%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 08:49
Updated-13 Feb, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests.This issue affects Apache ServiceComb before 2.1.0(include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-servicecombApache ServiceComb Service-Center
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-44312
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.8||MEDIUM
EPSS-0.81% / 52.53%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 08:49
Updated-30 May, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-servicecombApache ServiceComb Service-Center
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-9483
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-34.61% / 98.22%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 14:28
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-skywalkingApache SkyWalking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-49328
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.50% / 39.20%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 10:10
Updated-01 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Fesod (Incubating): Improper validation of user-supplied URLs leading to SSRF

Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to version 2.0.2-incubating, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-fesodApache Fesod (Incubating)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-49875
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 38.25%
||
7 Day CHG+0.12%
Published-12 Jun, 2026 | 08:54
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: XML External Entity (XXE) Injection in W3CMultiSchemaFactory and EndpointReferenceUtils

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-cxfApache CXFRed Hat JBoss Web Server 5Red Hat Single Sign-On 7Red Hat build of Apache Camel 4 for Quarkus 3Red Hat JBoss Enterprise Application Platform 7Red Hat build of Apache Camel for Spring Boot 4Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-49486
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.76%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:05
Updated-26 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)

The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-ftpApache Airflow FTP provider
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2023-42795
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.16% / 79.97%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:42
Updated-29 Oct, 2025 | 12:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxtomcatApache Tomcataccumulo
CWE ID-CWE-459
Incomplete Cleanup
CVE-2026-44618
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.73%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 12:17
Updated-22 May, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXF
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-44930
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-4.3||MEDIUM
EPSS-0.68% / 47.88%
||
7 Day CHG+0.22%
Published-22 May, 2026 | 12:16
Updated-30 Jun, 2026 | 03:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-cxfApache CXFRed Hat build of Apache Camel for Spring Boot 4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Fuse 7
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2019-17572
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.99% / 85.65%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 16:10
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-rocketmqApache RocketMQ
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2026-43513
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.47% / 37.13%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 15:26
Updated-15 May, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: LockOutRealm treats user names as case-sensitive

Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Older unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2026-24308
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-1.15% / 62.86%
||
7 Day CHG+0.04%
Published-07 Mar, 2026 | 08:51
Updated-03 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ZooKeeper: Sensitive information disclosure in client configuration handling

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue. Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-zookeeperApache ZooKeeperRed Hat build of Debezium 2Red Hat Fuse 7Red Hat AMQ Broker 7.12.7Streams for Apache Kafka 2.9.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apache Camel for Spring Boot 4Red Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Debezium 3Red Hat JBoss Enterprise Application Platform 7Red Hat AMQ Broker 7.14.0Red Hat AMQ Broker 7.13.5Red Hat OpenShift AI 2.25Red Hat Offline Knowledge PortalRed Hat JBoss Enterprise Application Platform 8Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-117
Improper Output Neutralization for Logs
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-43646
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.32%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 08:31
Updated-06 May, 2026 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Wicket: crafted URLs can bypass PackageResourceGuard

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-wicketApache Wicket
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-31698
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.45% / 35.84%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 10:07
Updated-01 Jul, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL

ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.  This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-284
Improper Access Control
CVE-2023-41081
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.26% / 65.94%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 09:30
Updated-25 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request

Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. History 2023-09-13 Original advisory 2023-09-28 Updated summary

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcat_connectorsApache Tomcat Connectorstomcat_connectors
CVE-2025-29847
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2026 | 08:36
Updated-27 Jan, 2026 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows unauthorized access to system files via JDBC parameters. Scope of Impact This issue affects Apache Linkis: from 1.3.0 through 1.7.0. Severity level moderate Solution Continuously check if the connection information contains the "%" character; if it does, perform URL decoding. Users are recommended to upgrade to version 1.8.0, which fixes the issue. More questions about this vulnerability can be discussed here:  https://lists.apache.org/list?dev@linkis.apache.org:2025-9:cve

Action-Not Available
Vendor-The Apache Software Foundation
Product-linkisApache Linkis
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-27817
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-62.37% / 99.08%
||
7 Day CHG+1.53%
Published-10 Jun, 2025 | 07:55
Updated-11 Jul, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kafka Client: Arbitrary file read and SSRF vulnerability

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kafkaApache Kafka Client
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-27553
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.28% / 66.43%
||
7 Day CHG~0.00%
Published-23 Mar, 2025 | 14:16
Updated-02 Apr, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT

Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-commons_vfsApache Commons VFS
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-26795
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.71% / 48.96%
||
7 Day CHG+0.03%
Published-14 May, 2025 | 10:43
Updated-11 Jul, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-iotdbApache IoTDB JDBC driver
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-23942
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.31%
||
7 Day CHG~0.00%
Published-26 Apr, 2022 | 16:05
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Doris hardcoded cryptography initialization

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dorisApache Doris(Incubating)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-1999-0236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.79% / 97.72%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Action-Not Available
Vendor-illinoisn/aThe Apache Software Foundation
Product-http_serverncsa_httpdn/a
CVE-2026-46745
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 43.19%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 10:41
Updated-27 May, 2026 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-fabApache Airflow FAB provider
CWE ID-CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVE-2022-22932
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 11:10
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal flaws

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326

Action-Not Available
Vendor-The Apache Software Foundation
Product-karafApache Karaf
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-23223
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.31% / 89.95%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 13:00
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ShenYu Password leakage

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shenyuApache ShenYu (incubating)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-24783
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.76% / 50.75%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 14:47
Updated-15 Jul, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Cocoon: continuations may not be private

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cocoonApache Cocoon
CWE ID-CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
CVE-2025-23195
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.33%
||
7 Day CHG~0.00%
Published-21 Jan, 2025 | 21:22
Updated-09 Jun, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie

An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attacker can exploit this vulnerability to read arbitrary files on the server or perform server-side request forgery (SSRF) attacks. The issue has been fixed in both Ambari 2.7.9 and the trunk branch.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ambariApache Ambari
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2014-7808
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.81%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-wicketn/a
CVE-2016-8741
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.18% / 92.63%
||
7 Day CHG~0.00%
Published-15 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.

Action-Not Available
Vendor-The Apache Software Foundation
Product-qpid_broker-jApache Qpid Broker-J
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-40272
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.67% / 73.91%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 13:52
Updated-13 Feb, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow Spark Provider Arbitrary File Read via JDBC

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apache-airflow-providers-apache-sparkApache Airflow Spark Providerapache-airflow-providers-apache-drill
CWE ID-CWE-20
Improper Input Validation
CVE-2021-45457
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.52%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 12:35
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Overly broad CORS configuration

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-45458
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.21%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 12:35
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded credentials

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2023-39196
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.79% / 51.89%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 12:56
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints

Improper Authentication vulnerability in Apache Ozone. The vulnerability allows an attacker to download metadata internal to the Storage Container Manager service without proper authentication. The attacker is not allowed to do any modification within the Ozone Storage Container Manager service using this vulnerability. The accessible metadata does not contain sensitive information that can be used to exploit the system later on, and the accessible data does not make it possible to gain access to actual user data within Ozone. This issue affects Apache Ozone: 1.2.0 and subsequent releases up until 1.3.0. Users are recommended to upgrade to version 1.4.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ozoneApache Ozone
CWE ID-CWE-287
Improper Authentication
CVE-2026-40682
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-0.52% / 40.01%
||
7 Day CHG+0.11%
Published-04 May, 2026 | 16:55
Updated-30 Jun, 2026 | 09:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCESSING or disabling DTD processing. When create(InputStream, EntryInserter) is invoked, the only feature set on the XMLReader is namespace support — external entity resolution and DOCTYPE declarations remain fully enabled. An attacker who can supply a crafted dictionary file (e.g., a stop-word list or domain dictionary) containing a malicious DOCTYPE declaration can trigger local file disclosure via file:// entity references or server-side request forgery via http:// entity references during SAX parsing, before the application processes a single dictionary entry. This is inconsistent with the project's own XmlUtil.createSaxParser() helper, which correctly sets FEATURE_SECURE_PROCESSING and disallow-doctype-decl and is used by all other XML parsing paths in the codebase. The public Dictionary(InputStream) constructor delegates directly to this method and is the documented API for loading user-supplied dictionaries, making untrusted input a realistic scenario. Mitigation: 2.x users should upgrade to 2.5.9. 3.x users should upgrade to 3.0.0-M3. Users who cannot upgrade immediately should ensure that all dictionary files are sourced from trusted origins and should consider wrapping the Dictionary(InputStream) constructor with input validation that rejects any XML containing a DOCTYPE declaration before it reaches the parser.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-opennlpApache OpenNLPRed Hat OpenShift AI (RHOAI)Red Hat Data Grid 8Red Hat build of Apache Camel for Spring Boot 4Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2014-3526
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.28% / 80.96%
||
7 Day CHG~0.00%
Published-30 Oct, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-wicketn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-34981
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.12% / 62.08%
||
7 Day CHG~0.00%
Published-21 Jun, 2023 | 10:26
Updated-13 Feb, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: AJP response header mix-up

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcattomcat
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-34486
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-15.83% / 96.48%
||
7 Day CHG+0.38%
Published-09 Apr, 2026 | 19:35
Updated-30 Jun, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Action-Not Available
Vendor-The Apache Software FoundationRed Hat, Inc.
Product-tomcatApache TomcatRed Hat JBoss Web Server 5Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat JBoss Web Server 6Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-34487
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.45% / 35.83%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 19:36
Updated-14 Apr, 2026 | 12:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2026-34032
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.48% / 38.25%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 12:54
Updated-04 May, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-170
Improper Null Termination
CVE-2026-34483
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.46% / 36.75%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 19:30
Updated-14 Apr, 2026 | 12:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Incomplete escaping of JSON access logs

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2026-33266
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.23% / 14.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:52
Updated-15 Apr, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials. This issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openmeetingsApache OpenMeetings
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2026-34020
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.51% / 39.63%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 15:52
Updated-15 Apr, 2026 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OpenMeetings: Login Credentials Passed via GET Query Parameters

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openmeetingsApache OpenMeetings
CWE ID-CWE-598
Use of GET Request Method With Sensitive Query Strings
CVE-2026-33857
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 31.22%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 13:07
Updated-04 May, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-34059
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.31%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 12:39
Updated-04 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-126
Buffer Over-read
CVE-2026-33558
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.18%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 13:20
Updated-22 Apr, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information will be exposed via the requests and responses output log. The entire lists of impacted requests and responses are: * AlterConfigsRequest * AlterUserScramCredentialsRequest * ExpireDelegationTokenRequest * IncrementalAlterConfigsRequest * RenewDelegationTokenRequest * SaslAuthenticateRequest * createDelegationTokenResponse * describeDelegationTokenResponse * SaslAuthenticateResponse This issue affects Apache Kafka: from any version supported the listed API above through v3.9.1, v4.0.0. We advise the Kafka users to upgrade to v3.9.2, v4.0.1, or later to avoid this vulnerability.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kafkaApache KafkaApache Kafka Clients
CWE ID-CWE-533
DEPRECATED: Information Exposure Through Server Log Files
CVE-2023-33933
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.50% / 71.05%
||
7 Day CHG~0.00%
Published-14 Jun, 2023 | 07:44
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Traffic Server: s3_auth plugin problem with hash calculation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Servertraffic_server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-32228
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.26%
||
7 Day CHG~0.00%
Published-18 Apr, 2026 | 06:19
Updated-21 Apr, 2026 | 12:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32990
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.45%
||
7 Day CHG~0.00%
Published-09 Apr, 2026 | 19:23
Updated-14 Apr, 2026 | 12:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Fix for CVE-2025-66614 is incomplete

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-20
Improper Input Validation
CVE-2026-32966
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.39% / 31.00%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 08:43
Updated-17 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dolphinschedulerApache DolphinScheduler
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-31909
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.49% / 38.30%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 09:32
Updated-19 May, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: Unauthenticated Shipment Label Image Disclosure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-31924
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 14.73%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 08:08
Updated-17 Apr, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apisixApache APISIX
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found